ManageEngine x Forrester | Workforce Identity Platforms Landscape Report

Active Directory Policies

How to configure the scheduled scan in Windows Defender via GPO

In the dynamic landscape of cybersecurity, ensuring regular system scans for threats is crucial. For system administrators managing a network of Windows devices, configuring scheduled scans in Windows Defender through Group Policy is a key task. This article provides a comprehensive guide on how to configure scheduled scans in Windows Defender using Group Policy, aimed at enhancing network security and ensuring consistent protection across all devices.

Understanding Windows Defender Scheduled Scans

Windows Defender is a built-in antivirus program in Windows, providing essential protection against various types of malware. Scheduling regular scans is vital to detect and address threats promptly. By using Group Policy, administrators can ensure that all computers in the network adhere to a consistent scanning schedule.

Prerequisites

  • Administrative Rights: You need to have administrative privileges in your Active Directory (AD) environment.
  • Group Policy Management Console (GPMC): This tool must be installed and accessible to configure Group Policies.

Step-by-Step Instructions

Step 1: Open Group Policy Management Console

Launch GPMC by searching for “Group Policy Management” in the Start menu or by running gpmc.msc.

Step 2: Create or Edit a Group Policy Object
  • To create a new GPO, right-click on the domain or an Organizational Unit (OU) and select “Create a GPO in this domain, and Link it here…”.
  • To modify an existing GPO, locate it under the appropriate domain or OU, right-click it, and choose “Edit”.
Step 3: Navigate to Windows Defender Antivirus Settings

In the Group Policy Management Editor, go to: Computer ConfigurationAdministrative TemplatesWindows ComponentsMicrosoft Defender AntivirusScan.

Step 4: Configure Scheduled Scan Settings
  • Find the policy named “Specify the day of the week to run a scheduled scan”.
  • Set the policy to “Enabled” and then choose the day of the week for the scheduled scan from the options provided.
Step 5: Set Scan Type
  • Locate the policy “Specify the scan type to use for a scheduled scan”.
  • Set it to “Enabled” and then choose the desired scan type (Quick or Full) from the options.
Step 6: Configure Scan Time
  • Look for the policy “Specify the time of day to run a scheduled scan”.
  • Enable the policy and set the time you want the scan to run.
Step 7: Apply and Enforce the GPO
  • Link the GPO to the appropriate OU.
  • The policy will be applied during the next Group Policy refresh cycle. To expedite, run gpupdate /force on client machines for immediate application.

Advanced Configuration and Use Cases

  1. Different Schedules for Different OUs: Depending on the criticality, you can create different scanning schedules for different OUs. For instance, more frequent scans for systems in sensitive departments like finance or R&D.
  2. Scan Remediation: Configure policies for automatic remediation actions when a threat is detected during a scan.
  3. Use Case – Compliance Requirements: Regular scheduled scans can be part of compliance with regulatory requirements like HIPAA or GDPR.
  4. Use Case – Proactive Threat Management: In environments prone to frequent malware attacks, regular scheduled scans help in early detection and management of threats.

Security Considerations

  • Balancing Performance and Security: Schedule scans during off-peak hours to minimize impact on system performance.
  • Regular Policy Review: Ensure that the Defender policies stay updated with the latest Microsoft recommendations and organizational requirements.
  • User Communication: Inform users about the policies for transparency and to avoid potential confusion or concern during scan operations.

Troubleshooting

  • Policy Not Applying: If the policy isn’t taking effect, use tools like Resultant Set of Policy (RSoP) or gpresult to diagnose Group Policy issues.
  • Performance Issues During Scans: If scans significantly impact system performance, consider adjusting the schedule or scan type.

Conclusion

Configuring scheduled scans in Windows Defender via Group Policy is a fundamental responsibility for system administrators to maintain network security. This guide provides detailed steps to set up a regular scanning routine, ensuring that all networked devices are consistently protected against malware and other threats.

Related posts
Active Directory Policies

Block windows app installation with elevated privileges using GPO

Active Directory Policies

GPO to prevent regular users from changing MSI installation options

Active Directory Policies

GPO to prevent autoplay on non-volume devices

Active Directory Policies

Prevent remote logon for local accounts with blank password - GPO

×

There are over 8,500 people who are getting towards perfection in Active Directory, IT Management & Cyber security through our insights from Identitude.

Wanna be a part of our bimonthly curation of IAM knowledge?

  • -Select-
  • By clicking 'Become an insider', you agree to processing of personal data according to the Privacy Policy.